Commit graph

23095 commits

Author SHA1 Message Date
Matt Caswell
fb8c83599e Add a test for SSL_CTX_set0_CA_list()/SSL_CTX_set_client_CA_list()
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7503)
2018-11-12 14:29:02 +00:00
Matt Caswell
9873297900 Separate ca_names handling for client and server
SSL(_CTX)?_set_client_CA_list() was a server side only function in 1.1.0.
If it was called on the client side then it was ignored. In 1.1.1 it now
makes sense to have a CA list defined for both client and server (the
client now sends it the the TLSv1.3 certificate_authorities extension).
Unfortunately some applications were using the same SSL_CTX for both
clients and servers and this resulted in some client ClientHellos being
excessively large due to the number of certificate authorities being sent.

This commit seperates out the CA list updated by
SSL(_CTX)?_set_client_CA_list() and the more generic
SSL(_CTX)?_set0_CA_list(). This means that SSL(_CTX)?_set_client_CA_list()
still has no effect on the client side. If both CA lists are set then
SSL(_CTX)?_set_client_CA_list() takes priority.

Fixes #7411

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7503)
2018-11-12 14:29:02 +00:00
Matt Caswell
24ae00388f Test use of a brainpool ECDSA certificate
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7442)
2018-11-12 11:10:21 +00:00
Matt Caswell
83c81eebed Add some test brainpool certificates
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7442)
2018-11-12 11:10:21 +00:00
Matt Caswell
de4dc59802 Don't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable
TLSv1.3 is more restrictive about the curve used. There must be a matching
sig alg defined for that curve. Therefore if we are using some other curve
in our certificate then we should not negotiate TLSv1.3.

Fixes #7435

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7442)
2018-11-12 11:08:51 +00:00
Richard Levitte
425036130d Fix SipHash init order.
Setting the SipHash hash size and setting its key is done with two
independent functions...  and yet, the internals depend on both.

Unfortunately, the function to change the size wasn't adapted for the
possibility that the key was set first, with a different hash size.

This changes the hash setting function to fix the internal values
(which is easy, fortunately) according to the hash size.

evpmac.txt value for digestsize:8 is also corrected.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7613)
2018-11-12 07:15:55 +01:00
Dmitry Belyavskiy
59fbc8ef9a Some deabbreviations
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7614)
2018-11-12 07:56:05 +10:00
Tomas Mraz
75b68c9e4e Unbreak SECLEVEL 3 regression causing it to not accept any ciphers.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #7391
2018-11-10 21:29:36 +01:00
Richard Levitte
65042182fc Recreate the OS390-Unix config target
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5035)
2018-11-10 14:26:40 +01:00
Mansour Ahmadi
d896b79b09 Check return value of EVP_PKEY_new
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7427)
2018-11-10 04:30:45 +02:00
Billy Brumley
dd41956d80 [crypto/bn] swap BN_FLG_FIXED_TOP too
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7599)
2018-11-10 04:08:09 +02:00
David Woodhouse
ecbb2fca93 Add EVP_PKEY_supports_digest_nid()
Rather than relying only on mandatory default digests, add a way for
the EVP_PKEY to individually report whether each digest algorithm is
supported.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7408)
2018-11-10 03:23:14 +02:00
David Woodhouse
2d263a4a73 Honour mandatory digest on private key in has_usable_cert()
If the private key says it can only support one specific digest, then
don't ask it to perform a different one.

Fixes: #7348

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7408)
2018-11-10 03:23:14 +02:00
David Woodhouse
eb7eb1378c Stop marking default digest for EC keys as mandatory
ASN1_PKEY_CTRL_DEFAULT_MD_NID is documented to return 2 for a mandatory
digest algorithm, when the key can't support any others. That isn't true
here, so return 1 instead.

Partially fixes #7348

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7408)
2018-11-10 03:23:14 +02:00
Bernd Edlinger
e2d227bb4a Fix issues with do_rand_init/rand_cleanup_int
Fixes #7022

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7588)
2018-11-09 13:34:48 +01:00
Richard Levitte
e9994901f8 VMS build: colon after target must be separated with a space
... otherwise, it's taken to be part of a device name.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7602)
2018-11-09 12:23:53 +01:00
Richard Levitte
e8d01a6087 Have install targets depend on more precise build targets
We only had the main 'install' target depend on 'all'.  This changes
the dependencies so targets like install_dev, install_runtime_libs,
install_engines and install_programs depend on build targets that are
correspond to them more specifically.  This increases the parallel
possibilities.

Fixes #7466

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7583)
2018-11-08 23:23:46 +01:00
Richard Levitte
c1123d9f7e Allow parallel install
When trying 'make -j{n} install', you may occasionally run into
trouble because to sub-targets (install_dev and install_runtime) try
to install the same shared libraries.  That makes parallel install
difficult.

This is solved by dividing install_runtime into two parts, one for
libraries and one for programs, and have install_dev depend on
install_runtime_libs instead of installing the shared runtime
libraries itself.

Fixes #7466

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7583)
2018-11-08 23:23:46 +01:00
Richard Levitte
9c5f2ea677 VMS build: don't add a comma before 'extradefines'
The variable extradefines will have the starting comma, if needed.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7591)
2018-11-08 22:43:10 +01:00
Dr. Matthias St. Pierre
8cfc19716c rand_unix.c: open random devices on first use only
Commit c7504aeb64 (pr #6432) fixed a regression for applications in
chroot environments, which compensated the fact that the new OpenSSL CSPRNG
(based on the NIST DRBG) now reseeds periodically, which the previous
one didn't. Now the reseeding could fail in the chroot environment if the
DEVRANDOM devices were not present anymore and no other entropy source
(e.g. getrandom()) was available.

The solution was to keep the file handles for the DEVRANDOM devices open
by default. In fact, the fix did more than this, it opened the DEVRANDOM
devices early and unconditionally in rand_pool_init(), which had the
unwanted side effect that the devices were opened (and kept open) even
in cases when they were not used at all, for example when the getrandom()
system call was available. Due  to a bug (issue #7419) this even happened
when the feature was disabled by the application.

This commit removes the unconditional opening of all DEVRANDOM devices.
They will now only be opened (and kept open) on first use. In particular,
if getrandom() is available, the handles will not be opened unnecessarily.

This change does not introduce a regression for applications compiled for
libcrypto 1.1.0, because the SSLEAY RNG also seeds on first use. So in the
above constellation the CSPRNG will only be properly seeded if it is happens
before the forking and chrooting.

Fixes #7419

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7437)
2018-11-08 16:38:26 +01:00
Dr. Matthias St. Pierre
1901516a4b Test: enable internal tests for shared Windows builds
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7462)
2018-11-08 16:27:24 +01:00
Dr. Matthias St. Pierre
1c615e4ce9 Test: link drbgtest statically against libcrypto
and remove duplicate rand_drbg_seedlen() implementation again.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7462)
2018-11-08 16:27:06 +01:00
Matt Caswell
680bd131b6 Give a better error if an attempt is made to set a zero length groups list
Previously we indicated this as a malloc failure which isn't very
helpful.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7479)
2018-11-08 11:27:03 +00:00
Matt Caswell
589b6227a8 Ignore disabled ciphers when deciding if we are using ECC
use_ecc() was always returning 1 because there are default (TLSv1.3)
ciphersuites that use ECC - even if those ciphersuites are disabled by
other options.

Fixes #7471

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7479)
2018-11-08 11:27:03 +00:00
Pauli
ac765685d4 Add missing RAND initialisation call.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7587)
2018-11-08 07:22:01 +10:00
Bernd Edlinger
31f32abb8e Rename the rand_drbg_st data member "pool" to "seed_pool"
... to make the intended use more clear and differentiate
it from the data member "adin_pool".

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7575)
2018-11-07 15:21:24 +01:00
Richard Levitte
3866b2247f util/add-depends.pl: go through shared_sources too
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7545)
2018-11-07 14:38:20 +01:00
Rich Salz
47d2080fac Remove outdated e_chil.txt file
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7476)
2018-11-06 22:23:37 -05:00
Bernd Edlinger
2bb1b5ddd1 Fix a race condition in drbgtest.c
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7531)
2018-11-05 22:57:52 +01:00
Bernd Edlinger
fb9c3ff565 Fix error handling in RAND_DRBG_uninstantiate
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7517)
2018-11-05 22:35:11 +01:00
Bernd Edlinger
7ecd6c5186 Fix error handling in drbgtest.c
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7517)
2018-11-05 22:35:10 +01:00
Bernd Edlinger
c5e0b3a6d5 Fix error handling in rand_drbg_new
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7517)
2018-11-05 22:35:10 +01:00
Bernd Edlinger
17209be89b Fix error handling in RAND_DRBG_set
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7517)
2018-11-05 22:35:09 +01:00
Pauli
2087028612 Fix return formatting.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7564)
2018-11-06 07:06:56 +10:00
Pauli
e931f370aa Cleanse the key log buffer.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7564)
2018-11-06 07:06:56 +10:00
Pauli
38cfa99122 EVP_MAC ctrl numbering duplicate removal.
Both EVP_MAC_CTRL_SET_MD and EVP_MAC_CTRL_SET_CIPHER were numbered 4.
This would preclude any future MAC from using both.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/7566)
2018-11-06 07:04:36 +10:00
Richard Levitte
93689797a4 GMAC: Add subdir info in crypto/build.info for this to build
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/@7572)
2018-11-05 17:09:04 +01:00
Paul Yang
41eac6122a Fix a collision in function err numbers
'make update' complains about this

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7571)
2018-11-05 23:08:34 +08:00
Richard Levitte
75d47db49d Simplify the processing of skipped source directories
We kept a number of arrays of directory names to keep track of exactly
which directories to look for build.info.  Some of these had the extra
function to hold the directories to actually build.

With the added SUBDIRS keyword, these arrays are no longer needed.
The logic for skipping certain directories needs to be kept, though.
That is now very much simplified, and is made opportunistic.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7558)
2018-11-05 09:28:37 +01:00
Richard Levitte
e0bf7c0181 Collapse different classes of macro databases
We have $config{openssl_algorithm_defines}, $config{openssl_other_defines}
and $config{openssl_thread_defines}.  These are treated exactly the same
in include/openssl/opensslconf.h.in, so having them separated into three
different databases isn't necessary, the reason for the separation being
long gone.  Therefore, we collapse them into one and the same,
$config{openssl_feature_defines}.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7558)
2018-11-05 09:27:36 +01:00
Richard Levitte
9654924f58 Add SUBDIRS settings in relevant build.info files
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7558)
2018-11-05 09:27:36 +01:00
Richard Levitte
7f73eafe2f Build: make it possibly to specify subdirs in build.info
This adds a keyword SUBDIRS for build.info, to be used like this:

    SUBDIRS=foo bar

This tells Configure that it should look for 'build.info' in the
relative subdirectories 'foo' and 'bar' as well.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7558)
2018-11-05 09:27:31 +01:00
Richard Levitte
7b34f0fa5d Build: Make it possible to have defines assigned to end products as well
This simple fix allows the following construct:

    PROGRAMS=foo
    SOURCE[foo]=foo.c bar.c
    DEFINE[foo]=FOO=1 BAR=0

These will trickle down to the build of object files, so building
foo.o and bar.o will be done with these options: -DFOO=1 -DBAR=0
(exact syntax depending on platform, of course)

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7553)
2018-11-05 08:13:05 +01:00
Richard Levitte
0a37ff4dca Build: adapt VMS build file template to use the extra macros
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7553)
2018-11-05 08:13:04 +01:00
Richard Levitte
21712b2fc1 Build: adapt Windows makefile template to use the extra macros
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7553)
2018-11-05 08:13:04 +01:00
Richard Levitte
25628ab2ba Build: adapt Unix Makefile template to use the extra macros
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7553)
2018-11-05 08:13:04 +01:00
Richard Levitte
b96ab5e6d0 Build: make it possible to assign macro definitions for specific outputs
Sometimes, some specific program or object file might need an extra
macro definition of its own.  This allows that to be easily done.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7553)
2018-11-05 08:13:04 +01:00
Paul Yang
c1da4b2afe Add poly1305 MAC support
This is based on the latest EVP MAC interface introduced in PR #7393.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7459)
2018-11-05 13:07:07 +08:00
Pauli
748099b9e9 Clarify the POD source for the list command.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7563)
2018-11-05 09:20:19 +10:00
Pauli
afc580b9b0 GMAC implementation
Remove GMAC demo program because it has been superceded by the EVP MAC one

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7548)
2018-11-05 08:09:41 +10:00